STINNER Victor added the comment:
Ruby handled this issue as a vulnerability:
https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/
The doc of "gettempprefix" says "This does not contain the directory
component", so it i
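
One way to enforce the property the quoted `gettempprefix` documentation describes (no directory component) on a caller-supplied prefix or suffix before it reaches `tempfile`. This is an added example, not code from this thread or from CPython; `check_affix`, `safe_named_tempfile` and `demo` are hypothetical names, and the sample prefixes are constructed.

```python
import os
import tempfile

# Anything that could introduce a directory component. Both slash styles are
# refused on every platform, which is deliberately conservative.
_SEPARATORS = {sep for sep in (os.sep, os.altsep, "/", "\\") if sep}


def check_affix(value, what):
    """Return value unchanged if it is a bare file-name fragment, else raise."""
    if not isinstance(value, str):
        raise TypeError(f"{what} must be str")
    if "\0" in value or any(sep in value for sep in _SEPARATORS):
        raise ValueError(f"{what} {value!r} contains a directory component")
    return value


def safe_named_tempfile(prefix="tmp", suffix="", dir=None):
    """Hypothetical wrapper: a NamedTemporaryFile that stays inside `dir`."""
    prefix = check_affix(prefix, "prefix")
    suffix = check_affix(suffix, "suffix")
    base = os.path.realpath(dir if dir is not None else tempfile.gettempdir())
    f = tempfile.NamedTemporaryFile(prefix=prefix, suffix=suffix, dir=base)
    # Defence in depth: the created file must be a direct child of `base`.
    if os.path.dirname(os.path.realpath(f.name)) != base:
        f.close()
        raise RuntimeError("temporary file escaped the requested directory")
    return f


def demo():
    """Run the wrapper on constructed prefixes inside a throwaway directory."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        with safe_named_tempfile(prefix="report-", dir=base) as f:
            parent = os.path.dirname(os.path.realpath(f.name))
            results["ok"] = parent == os.path.realpath(base)
        absolute = os.path.join(os.path.abspath(base), "x")
        for bad in ("../escape-", absolute, "a\\b"):
            try:
                safe_named_tempfile(prefix=bad, dir=base).close()
                results[bad] = "accepted"
            except ValueError:
                results[bad] = "rejected"
    return results
```
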
New submission from Yusuke Endoh:
Hello,
The tempfile library does not check the prefix argument, which can be exploited
to create files outside tmpdir by using directory traversal.
```
>>> import tempfile
>>> tempfile.gettempprefix()
'tmp'
>>> f = tempfile.NamedTemporaryFile(prefix="/home/m
```